> For the complete documentation index, see [llms.txt](https://thmflags.gitbook.io/thm-walkthroughs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://thmflags.gitbook.io/thm-walkthroughs/difficulty-easy/owasp-top-10/task-21-insecure-deserialization.md).

# Task 21 - Insecure Deserialization

## Task 21 <mark style="color:blue;background-color:blue;">\[Severity 8]</mark> Insecure Deserialization

### Who developed the Tomcat application?

{% hint style="warning" %}
**HINT:** The full name
{% endhint %}

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`The Apache Software Foundation`

</details>

### What type of attack that crashes services can be performed with insecure deserialization?

{% hint style="warning" %}
**HINT:** Also known as a "DoS" attack
{% endhint %}

<details>

<summary>Reveal Flag <span data-gb-custom-inline data-tag="emoji" data-code="1f6a9">🚩</span></summary>

:triangular\_flag\_on\_post:`Denial of Service`

</details>
